4,208 research outputs found
Design and Analysis of an Instrumenting Profiler for Webassembly
This thesis presents the design, implementation, and analysis of WasmProf, an instrumenting profiler for WebAssembly programs. WebAssembly is a compiled language designed for use on the web that, at the time of this writing, is still being actively developed. At present, performance analysis for WebAssembly programs mostly consists of browsers’ built-in sampling profilers. These profilers work well in many cases but only give a statistical estimation of the distribution of function calls and are, therefore, not well-suited for more fine-grained analysis. The WasmProf instrumenting profiler fills this analysis gap. WasmProf is capable of tracking the number of calls made and the time spent in every function called within the profiled program. Analysis of WasmProf demonstrates performance equivalent to or slightly better than similar tools that perform instrumentation and dynamic analysis on WebAssembly programs
Recommended from our members
The Impact of Industry Collaboration on Academic Research Output: A Dynamic Panel Data Analysis
The aim of this paper is to analyse the impact of university knowledge and technology transfer activities on academic research output. Specifically, we study whether researchers with collaborative links with the private sector publish less than their peers without such links, once controlling for other sources of heterogeneity. We report findings from a longitudinal dataset on researchers from two engineering departments in the UK between 1985 until 2006. Our results indicate that researchers with industrial links publish significantly more than their peers. Academic productivity, though, is higher for low levels of industry involvement as
compared to high levels
Preventing SQL Injection through Automatic Query Sanitization with ASSIST
Web applications are becoming an essential part of our everyday lives. Many
of our activities are dependent on the functionality and security of these
applications. As the scale of these applications grows, injection
vulnerabilities such as SQL injection are major security challenges for
developers today. This paper presents the technique of automatic query
sanitization to automatically remove SQL injection vulnerabilities in code. In
our technique, a combination of static analysis and program transformation are
used to automatically instrument web applications with sanitization code. We
have implemented this technique in a tool named ASSIST (Automatic and Static
SQL Injection Sanitization Tool) for protecting Java-based web applications.
Our experimental evaluation showed that our technique is effective against SQL
injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Device-Centric Monitoring for Mobile Device Management
The ubiquity of computing devices has led to an increased need to ensure not
only that the applications deployed on them are correct with respect to their
specifications, but also that the devices are used in an appropriate manner,
especially in situations where the device is provided by a party other than the
actual user. Much work which has been done on runtime verification for mobile
devices and operating systems is mostly application-centric, resulting in
global, device-centric properties (e.g. the user may not send more than 100
messages per day across all applications) being difficult or impossible to
verify. In this paper we present a device-centric approach to runtime verify
the device behaviour against a device policy with the different applications
acting as independent components contributing to the overall behaviour of the
device. We also present an implementation for Android devices, and evaluate it
on a number of device-centric policies, reporting the empirical results
obtained.Comment: In Proceedings FESCA 2016, arXiv:1603.0837
Shining Light On Shadow Stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++
programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the
forward edge,i.e., indirect calls through function pointers and virtual calls.
Protecting the backward edge is left to stack canaries, which are easily
bypassed through information leaks. Shadow Stacks are a fully precise mechanism
for protecting backwards edges, and should be deployed with CFI mitigations. We
present a comprehensive analysis of all possible shadow stack mechanisms along
three axes: performance, compatibility, and security. For performance
comparisons we use SPEC CPU2006, while security and compatibility are
qualitatively analyzed. Based on our study, we renew calls for a shadow stack
design that leverages a dedicated register, resulting in low performance
overhead, and minimal memory overhead, but sacrifices compatibility. We present
case studies of our implementation of such a design, Shadesmar, on Phoronix and
Apache to demonstrate the feasibility of dedicating a general purpose register
to a security monitor on modern architectures, and the deployability of
Shadesmar. Our comprehensive analysis, including detailed case studies for our
novel design, allows compiler designers and practitioners to select the correct
shadow stack design for different usage scenarios.Comment: To Appear in IEEE Security and Privacy 201
- …